The gsallocref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libgs9-dbgsym": "9.10~dfsg-0ubuntu10.10", "ghostscript-dbgsym": "9.10~dfsg-0ubuntu10.10", "ghostscript-dbg": "9.10~dfsg-0ubuntu10.10", "ghostscript-doc": "9.10~dfsg-0ubuntu10.10", "ghostscript-x": "9.10~dfsg-0ubuntu10.10", "libgs9": "9.10~dfsg-0ubuntu10.10", "ghostscript-x-dbgsym": "9.10~dfsg-0ubuntu10.10", "libgs-dev-dbgsym": "9.10~dfsg-0ubuntu10.10", "libgs9-common": "9.10~dfsg-0ubuntu10.10", "ghostscript": "9.10~dfsg-0ubuntu10.10", "libgs-dev": "9.10~dfsg-0ubuntu10.10" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libgs9-dbgsym": "9.18~dfsg~0-0ubuntu2.7", "ghostscript-dbgsym": "9.18~dfsg~0-0ubuntu2.7", "ghostscript-dbg": "9.18~dfsg~0-0ubuntu2.7", "ghostscript-doc": "9.18~dfsg~0-0ubuntu2.7", "ghostscript-x": "9.18~dfsg~0-0ubuntu2.7", "libgs9": "9.18~dfsg~0-0ubuntu2.7", "ghostscript-x-dbgsym": "9.18~dfsg~0-0ubuntu2.7", "libgs-dev-dbgsym": "9.18~dfsg~0-0ubuntu2.7", "libgs9-common": "9.18~dfsg~0-0ubuntu2.7", "ghostscript": "9.18~dfsg~0-0ubuntu2.7", "libgs-dev": "9.18~dfsg~0-0ubuntu2.7" } ] }